Hi,
If it helps, commons weaver (
https://commons.apache.org/proper/commons-weaver/commons-weaver-parent/commons-weaver-modules-parent/commons-weaver-privilizer-parent/index.html)
can help for the backport part (enable or not the run in build.xml).
Romain
Le dim. 2 oct. 2022 à 06:42, Christopher Schultz <
ch...@christopherschultz.net> a écrit :
> Emmanuel,
>
> On 9/28/22 11:05, Emmanuel Bourg wrote:
> > The security manager has been deprecated for removal in Java 17 [1], and
> > at some point Tomcat will have to stop supporting it.
> >
> > Do we want to wait until it's no longer available in the JDK to remove
> > it from Tomcat, or should we remove it earlier, maybe in Tomcat 10.1 or
> 11?
> >
> > I tend to think there are better solutions at the OS level to isolate a
> > Tomcat instance nowadays, and I lean toward dropping it before its
> > removal from the JDK.
> >
> > What do you think?
>
> My only concern is that it may cause some headaches for anything we want
> to back-port.
>
> Mark has a separate thread about Loom and there will obviously be some
> significant changes and incompatibilities introduced by that as well.
> Doing them together makes sense to me.
>
> But the SM code permeates all of Tomcat where the Loom stuff is likely
> to be much more isolated. I think it will have farther-reaching impacts.
>
> -chris
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>
